1. Field of the Invention
The present invention relates generally to communications systems, and more particularly, to security measures for wireless communications systems.
2. Discussion of the Related Art
Various security measures are known which have been implemented for ensuring an authorized usage of mobile stations and communications equipment in a telecommunications system. The various security measures further are implemented for detecting and eliminating fraudulent users from a given telecommunications network. There are minimum security measures mandated by Global System for Mobile communications (GSM). Any security measures beyond the mandatory GSM recommendations are referred to as optional security measures.
With respect to security measures, GSM supports various procedures for enhancing the security of a telecommunications network. These various procedures include authentication, ciphering, TMSI reallocation, and EIR/IMEI (Equipment Identifier Register/International Mobile Equipment Identifier) Query/check, as briefly discussed further herein below.
Authentication is a process of verifying the identity of a subscriber through a random challenge, for example, on the order of every one in twenty subscribers. Subscribers may be authenticated at given intervals or occurrences from the mandatory minimums to as often as every transaction. Mandatory minimums may include, for example, authentication of a mobile station at power-up or when moving from a current cell into a new cell.
With reference to FIG. 1, authentication will now be further discussed. In a first step, an MSC/VLR (12/14) of wireless communication system 10 requests the HLR 16 to supply authentication vectors for a subscriber mobile station MS 18 (also referred to as mobile equipment ME). The wireless communication system includes a home system and a serving system. In a second step, the HLR 16 returns authentication vectors received from authentication center AC 20 to the MSC/VLR (12/14). The VLR 14 then stores authentication vectors Sign Response, Ciphering Key, and Random Number (SRES, Kc, RAND) until needed. In a third step, when the MSC/VLR (12/14) decides to authenticate, the subscriber Kc and RAND are sent to the BSC 22. RAND is sent to the ME 18. In a fourth step, the ME 18 uses RAND and an A3 algorithm on a subscriber identity module SIM 24 (FIG. 3) of the mobile equipment ME 18 to compute SRES'. SRES' is then passed up from the ME 18 onto the MSC/VLR (12/14). In a fifth step, the VLR 14 checks to see if SRES=SRES'. If so, then the mobile equipment's identity has been authenticated.
With reference now to FIG. 2, an EIR database 30 shall be briefly discussed. The EIR is a GSM database having a record of IMEIs of GSM mobiles which are approved or for which problems have been detected (e.g., stolen mobiles). The EIR database 30 can be accessed by the MSC/VLRs to check the status of a particular IMEI.
The organization of subscriber data in the EIR database may include, for example, a white list, a black list, and a grey list. The white list contains a range of IMEIs allocated to approved mobile equipments (MEs). The black list includes the list of IMEIs for MEs which need to be barred either because they have been stolen or because of severe malfunctions. The grey list is an intermediate list between the white and black lists. The grey list includes IMEIs of faulty MEs whose fault is not important enough to justify total barring. Operators, such as PLMN operators, update the EIR database. The EIR database exchanges data with the MSC/VLR via a suitable protocol, such as a MAP/F (Mobile Application Protocol) protocol.
Ciphering is another security measure and involves a process to scramble the bearer and signaling connection to a particular user. Ciphering keys are updated every time a subscriber is authenticated. When the subscriber is not authenticated, then the ciphering key is "tumbled" by a 3-bit (Ciphering Key) sequence number (CKSN).
With reference now to FIG. 3, authentication's role in ciphering for Mobile Equipment (ME) 18 shall be further discussed. As mentioned, if the ME or MS (mobile station) 18 is not authenticated, then the ME "tumbles" ciphering by using the CKSN. The CKSN is sent to a visitor location register (VLR) 14 upon transaction initiation and is checked to see if the CKSN matches the VLR entry--if so, then the transaction is allowed to proceed, otherwise the transaction is authenticated. The mobile equipment ME 18 is further characterized by inputs, outputs, and other components. Included is a radio interface frame number, RAND, SRES', Subscriber Identity Module (SIM) 24, A3, A8, Ki, A5 algorithm, and encryption, as are well known in the art. With the ME, the security measures include regenerate Kc, and maintain CKSN for future transactions (if not authenticated).
In the art, some mobile equipment is known to be GSM non-compliant. Such GSM non-compliant mobile equipment does not properly store the CKSN and therefore must be authenticated one in one (1 in 1). One perception of authenticating 1 in 1 may be that authentication 1 in 1 increases the likelihood of catching fraudulent subscribers; however, it also increases the exchange of ciphering keys. With the GSM non-compliant mobile equipment, it is further sometimes possible for the CKSNs to be corrupt, wherein improper ciphering (including garbled speech/failed transactions) results.
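The challenge-response steps described for FIG. 1 and the CKSN check described for FIG. 3 can be followed in the sketch below, which is an added illustration and not code from the patent or from any GSM implementation. The A3/A8 functions are replaced by an HMAC-SHA256 stand-in; the class names, the IMSI, the Ki values and the use of CKSN value 7 to mean "no key stored" are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

NO_KEY = 7  # assumption: CKSN value used here to mean "no Kc stored"

def a3_a8(ki, rand):
    """Stand-in for the SIM's A3/A8 (HMAC-SHA256, not a real GSM algorithm)."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]  # (SRES, Kc)

class AuthCentre:  # home side: holds Ki, supplies (RAND, SRES, Kc) vectors
    def __init__(self, keys):
        self.keys = keys
    def vectors(self, imsi, n=3):
        rands = [secrets.token_bytes(16) for _ in range(n)]
        return [(r, *a3_a8(self.keys[imsi], r)) for r in rands]

class Sim:  # mobile side: Ki never leaves the SIM
    def __init__(self, ki, stores_cksn=True):
        self.ki, self.stores_cksn = ki, stores_cksn
        self.kc, self.cksn = None, NO_KEY
    def challenge(self, rand, cksn):
        sres, self.kc = a3_a8(self.ki, rand)  # step 4: compute SRES'
        self.cksn = cksn if self.stores_cksn else NO_KEY
        return sres

class Vlr:  # serving side: stores vectors and the current (CKSN, Kc)
    def __init__(self, ac):
        self.ac, self.vectors, self.ctx = ac, {}, {}
    def transaction(self, imsi, sim):
        ctx = self.ctx.get(imsi)
        if ctx and sim.cksn == ctx[0]:
            return "cksn-match"  # stored Kc reused, no challenge sent
        if not self.vectors.get(imsi):
            self.vectors[imsi] = self.ac.vectors(imsi)  # steps 1-2
        rand, sres, kc = self.vectors[imsi].pop()
        cksn = (ctx[0] + 1) % NO_KEY if ctx else 0
        sres_prime = sim.challenge(rand, cksn)  # step 3: RAND sent to the ME
        if not hmac.compare_digest(sres, sres_prime):  # step 5: SRES == SRES'?
            self.ctx.pop(imsi, None)
            return "rejected"
        self.ctx[imsi] = (cksn, kc)
        return "authenticated"

def demo():
    imsi, ki = "001010000000001", bytes(range(16))  # constructed test values
    def two(sim):  # two consecutive transactions against a fresh VLR
        vlr = Vlr(AuthCentre({imsi: ki}))
        return [vlr.transaction(imsi, sim) for _ in range(2)]
    return two(Sim(ki)), two(Sim(ki, stores_cksn=False)), two(Sim(bytes(16)))
```

The second case in `demo()` models the non-compliant equipment described above: because it never presents a matching CKSN, every transaction consumes an authentication vector and produces a new ciphering key.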
TMSI is another security measure and represents a Temporary Mobile Subscriber Identifier. TMSI hides the true user identity (IMSI) for clear channel communications, for example, page, mobile origination, and location update. TMSIs can be reallocated or changed from the mandatory minimums (i.e., the first time a subscriber accesses the mobile network system) to as often as every transaction. Furthermore, TMSI relates to a temporary number assigned to a mobile station (MS) for use by the mobile station as the mobile station registers on different telecommunication systems and cell sites. TMSI is used by the mobile station and a respective telecommunications system as a mobile identifier for all air interface communications within a given TMSI zone once the TMSI is assigned. The purpose of the TMSI is to reduce fraud by minimizing the transmission of a mobile station's MIN on the air interface. MIN represents an abbreviation for Mobile Identification Number, which is a ten digit mobile number in the U.S., or a three digit country code with a seven digit mobile number, otherwise. The reassignment of a new TMSI to a given MS occurs when the particular mobile station changes TMSI zones. The TMSI zones are an arbitrary set of base stations defined by a telecommunications operating company.
Additional security measures further include EIR Query and IMEI Check for further providing enhanced network security. With respect to EIR Query and IMEI Check, GSM PLMNs maintain a database of stolen and defective mobiles in an EIR database. A mobile station (MS) has its own identity, referred to as an international mobile equipment identifier (IMEI) which can be checked against the EIR database. EIR query/IMEI check are optional procedures.
The cost of security on a mobile communications network, however, can adversely impact an operation of the communications network. That is, security measures beyond the mandatory GSM recommendations have a particular cost capacity as outlined in the following. There is an approximate five and a half percent (5.5%) processor capacity loss incurred in going from a situation of no optional authentication to a situation of full authentication for a particular networked model. An approximate additional twelve and three tenths of a percent (12.3%) capacity loss occurs with a change from full authentication to EIR Query/IMEI check for every revenue-generating transaction (SMS/Calls). Lastly, there is an approximate additional two and eight tenths of a percent (2.8%) loss from full authentication and full EIR Query/IMEI check to reallocate TMSI on every transaction. Overall, there is an approximate twenty percent (20%) capacity penalty on a networked model and an approximate twenty-five percent (25%) capacity penalty on a stand alone model. These losses represent cumulative losses.
Furthermore, in known systems, the security measures have included the use of a given authentication procedure, for example, at a rate of one (1) in N calls, having been implemented as a capacity compromise. Still further, with current security measures implemented in coverage areas of high density, for example at airports, the telecommunication systems are virtually forced to disable all but the mandatory authentication and TMSI reallocation (and do not apply EIR Query) in order to maintain a competitive capacity but at the cost of weakened security for the service providers and subscribers.
It would thus be desirable to provide for improved security measures for wireless communication systems.